unlabeled_t types for files
Stephen Smalley
sds at tycho.nsa.gov
Thu Oct 18 17:59:49 UTC 2012
On 10/18/2012 01:08 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
> We have been recently seeing some denials related to one of our files I
> ramfs
>
> The audit2allow shows as follows
>
> allow mount_t unlabeled_t:filesystem relabelfrom;
> Our product is based on RHEL6 . We did not see this in the RHEL5
> version of our product.
>
> Why would there be files of type unlabeled_t on the system with the
> move to RHEL6?
Note that the class was "filesystem", not "file". So this is a denial
upon an attempt to mount a filesystem with a context= or fscontext=
mount option. The fact that it was originally unlabeled_t means that
the policy had no entry for the filesystem type in its fs_use or
genfs_contexts configuration. You should have gotten another message
from SELinux (with a SELinux: prefix) when it was first mounted about it
not being configured for labeling.
More information about the selinux
mailing list